localstack-core 4.7.1.dev139__py3-none-any.whl → 4.10.1.dev42__py3-none-any.whl

localstack/services/dynamodb/provider.py

@@ -47,6 +47,8 @@ from localstack.aws.api.dynamodb import (
     DeleteRequest,
     DeleteTableOutput,
     DescribeContinuousBackupsOutput,
+    DescribeContributorInsightsInput,
+    DescribeContributorInsightsOutput,
     DescribeGlobalTableOutput,
     DescribeKinesisStreamingDestinationOutput,
     DescribeTableOutput,
@@ -746,6 +748,9 @@ class DynamoDBProvider(DynamodbApi, ServiceLifecycleHook):
             if "NumberOfDecreasesToday" not in table_description["ProvisionedThroughput"]:
                 table_description["ProvisionedThroughput"]["NumberOfDecreasesToday"] = 0
 
+        if "WarmThroughput" in table_description:
+            table_description["WarmThroughput"]["Status"] = "UPDATING"
+
         tags = table_definitions.pop("Tags", [])
         if tags:
             get_store(context.account_id, context.region).TABLE_TAGS[table_arn] = {
@@ -763,6 +768,13 @@ class DynamoDBProvider(DynamodbApi, ServiceLifecycleHook):
     ) -> DeleteTableOutput:
         global_table_region = self.get_global_table_region(context, table_name)
 
+        self.ensure_table_exists(
+            context.account_id,
+            global_table_region,
+            table_name,
+            error_message=f"Requested resource not found: Table: {table_name} not found",
+        )
+
         # Limitation note: On AWS, for a replicated table, if the source table is deleted, the replicated tables continue to exist.
         # This is not the case for LocalStack, where all replicated tables will also be removed if source is deleted.
 
@@ -823,6 +835,9 @@ class DynamoDBProvider(DynamodbApi, ServiceLifecycleHook):
                 table_description["TableClassSummary"] = {
                     "TableClass": table_definitions["TableClass"]
                 }
+            if warm_throughput := table_definitions.get("WarmThroughput"):
+                table_description["WarmThroughput"] = warm_throughput.copy()
+                table_description["WarmThroughput"].setdefault("Status", "ACTIVE")
 
         if "GlobalSecondaryIndexes" in table_description:
             for gsi in table_description["GlobalSecondaryIndexes"]:
@@ -835,6 +850,17 @@ class DynamoDBProvider(DynamodbApi, ServiceLifecycleHook):
                 # Terraform depends on this parity for update operations
                 gsi["ProvisionedThroughput"] = default_values | gsi.get("ProvisionedThroughput", {})
 
+        # Set defaults for warm throughput
+        if "WarmThroughput" not in table_description:
+            billing_mode = table_definitions.get("BillingMode") if table_definitions else None
+            table_description["WarmThroughput"] = {
+                "ReadUnitsPerSecond": 12000 if billing_mode == "PAY_PER_REQUEST" else 5,
+                "WriteUnitsPerSecond": 4000 if billing_mode == "PAY_PER_REQUEST" else 5,
+            }
+        table_description["WarmThroughput"]["Status"] = (
+            table_description.get("TableStatus") or "ACTIVE"
+        )
+
         return DescribeTableOutput(
             Table=select_from_typed_dict(TableDescription, table_description)
         )
@@ -955,6 +981,22 @@ class DynamoDBProvider(DynamodbApi, ServiceLifecycleHook):
 
         return response
 
+    #
+    # Contributor Insights
+    #
+
+    @handler("DescribeContributorInsights", expand=False)
+    def describe_contributor_insights(
+        self,
+        context: RequestContext,
+        describe_contributor_insights_input: DescribeContributorInsightsInput,
+    ) -> DescribeContributorInsightsOutput:
+        return DescribeContributorInsightsOutput(
+            TableName=describe_contributor_insights_input["TableName"],
+            IndexName=describe_contributor_insights_input.get("IndexName"),
+            ContributorInsightsStatus="DISABLED",
+        )
+
     #
     # Item ops
     #

localstack/services/dynamodb/v2/provider.py

@@ -40,6 +40,8 @@ from localstack.aws.api.dynamodb import (
     DeleteRequest,
     DeleteTableOutput,
     DescribeContinuousBackupsOutput,
+    DescribeContributorInsightsInput,
+    DescribeContributorInsightsOutput,
     DescribeGlobalTableOutput,
     DescribeKinesisStreamingDestinationOutput,
     DescribeTableOutput,
@@ -558,6 +560,9 @@ class DynamoDBProvider(DynamodbApi, ServiceLifecycleHook):
             if "NumberOfDecreasesToday" not in table_description["ProvisionedThroughput"]:
                 table_description["ProvisionedThroughput"]["NumberOfDecreasesToday"] = 0
 
+        if "WarmThroughput" in table_description:
+            table_description["WarmThroughput"]["Status"] = "UPDATING"
+
         tags = table_definitions.pop("Tags", [])
         if tags:
             get_store(context.account_id, context.region).TABLE_TAGS[table_arn] = {
@@ -575,6 +580,13 @@ class DynamoDBProvider(DynamodbApi, ServiceLifecycleHook):
     ) -> DeleteTableOutput:
         global_table_region = self.get_global_table_region(context, table_name)
 
+        self.ensure_table_exists(
+            context.account_id,
+            global_table_region,
+            table_name,
+            error_message=f"Requested resource not found: Table: {table_name} not found",
+        )
+
         # Limitation note: On AWS, for a replicated table, if the source table is deleted, the replicated tables continue to exist.
         # This is not the case for LocalStack, where all replicated tables will also be removed if source is deleted.
 
@@ -634,6 +646,9 @@ class DynamoDBProvider(DynamodbApi, ServiceLifecycleHook):
                 table_description["TableClassSummary"] = {
                     "TableClass": table_definitions["TableClass"]
                 }
+            if warm_throughput := table_definitions.get("WarmThroughput"):
+                table_description["WarmThroughput"] = warm_throughput.copy()
+                table_description["WarmThroughput"].setdefault("Status", "ACTIVE")
 
         if "GlobalSecondaryIndexes" in table_description:
             for gsi in table_description["GlobalSecondaryIndexes"]:
@@ -646,6 +661,17 @@ class DynamoDBProvider(DynamodbApi, ServiceLifecycleHook):
                 # Terraform depends on this parity for update operations
                 gsi["ProvisionedThroughput"] = default_values | gsi.get("ProvisionedThroughput", {})
 
+        # Set defaults for warm throughput
+        if "WarmThroughput" not in table_description:
+            billing_mode = table_definitions.get("BillingMode") if table_definitions else None
+            table_description["WarmThroughput"] = {
+                "ReadUnitsPerSecond": 12000 if billing_mode == "PAY_PER_REQUEST" else 5,
+                "WriteUnitsPerSecond": 4000 if billing_mode == "PAY_PER_REQUEST" else 5,
+            }
+        table_description["WarmThroughput"]["Status"] = (
+            table_description.get("TableStatus") or "ACTIVE"
+        )
+
         return DescribeTableOutput(
             Table=select_from_typed_dict(TableDescription, table_description)
         )
@@ -757,6 +783,22 @@ class DynamoDBProvider(DynamodbApi, ServiceLifecycleHook):
 
         return response
 
+    #
+    # Contributor Insights
+    #
+
+    @handler("DescribeContributorInsights", expand=False)
+    def describe_contributor_insights(
+        self,
+        context: RequestContext,
+        describe_contributor_insights_input: DescribeContributorInsightsInput,
+    ) -> DescribeContributorInsightsOutput:
+        return DescribeContributorInsightsOutput(
+            TableName=describe_contributor_insights_input["TableName"],
+            IndexName=describe_contributor_insights_input.get("IndexName"),
+            ContributorInsightsStatus="DISABLED",
+        )
+
     #
     # Item ops
     #

localstack/services/ecr/resource_providers/aws_ecr_repository.py

@@ -6,7 +6,6 @@ from pathlib import Path
 from typing import TypedDict
 
 import localstack.services.cloudformation.provider_utils as util
-from localstack.constants import AWS_REGION_US_EAST_1, DEFAULT_AWS_ACCOUNT_ID
 from localstack.services.cloudformation.resource_provider import (
     OperationStatus,
     ProgressEvent,
@@ -90,6 +89,10 @@ class ECRRepositoryProvider(ResourceProvider[ECRRepositoryProperties]):
 
         """
         model = request.desired_state
+        model["RepositoryName"] = (
+            model.get("RepositoryName")
+            or util.generate_default_name(request.stack_name, request.logical_resource_id).lower()
+        )
 
         default_repos_per_stack[request.stack_name] = model["RepositoryName"]
         LOG.warning(
@@ -98,7 +101,7 @@ class ECRRepositoryProvider(ResourceProvider[ECRRepositoryProperties]):
         model.update(
             {
                 "Arn": arns.ecr_repository_arn(
-                    model["RepositoryName"], DEFAULT_AWS_ACCOUNT_ID, AWS_REGION_US_EAST_1
+                    model["RepositoryName"], request.account_id, request.region_name
                 ),
                 "RepositoryUri": "http://localhost:4566",
                 "ImageTagMutability": "MUTABLE",

localstack/services/es/provider.py

@@ -3,7 +3,6 @@ from typing import cast
 
 from botocore.exceptions import ClientError
 
-from localstack import constants
 from localstack.aws.api import RequestContext, handler
 from localstack.aws.api.es import (
     ARN,
@@ -68,6 +67,7 @@ from localstack.aws.api.opensearch import (
     VersionString,
 )
 from localstack.aws.connect import connect_to
+from localstack.services.opensearch.packages import ELASTICSEARCH_DEFAULT_VERSION
 
 
 def _version_to_opensearch(
@@ -236,7 +236,7 @@ class EsProvider(EsApi):
         engine_version = (
             _version_to_opensearch(elasticsearch_version)
             if elasticsearch_version
-            else constants.ELASTICSEARCH_DEFAULT_VERSION
+            else ELASTICSEARCH_DEFAULT_VERSION
         )
         kwargs = {
             "DomainName": domain_name,

localstack/services/events/event_rule_engine.py

@@ -59,14 +59,21 @@ class EventRuleEngine:
             for flat_pattern in flat_pattern_conditions
         )
 
-    def _evaluate_condition(self, value, condition, field_exists: bool):
+    def _evaluate_condition(self, value: t.Any, condition: t.Any, field_exists: bool) -> bool:
         if not isinstance(condition, dict):
             return field_exists and value == condition
+
         elif (must_exist := condition.get("exists")) is not None:
             # if must_exists is True then field_exists must be True
             # if must_exists is False then fields_exists must be False
             return must_exist == field_exists
+
         elif (anything_but := condition.get("anything-but")) is not None:
+            if not field_exists:
+                # anything-but can handle None `value`, but it needs to differentiate between user-set `null` and
+                # missing value
+                return False
+
             if isinstance(anything_but, dict):
                 if (not_condition := anything_but.get("prefix")) is not None:
                     predicate = self._evaluate_prefix
@@ -95,6 +102,7 @@ class EventRuleEngine:
         elif value is None:
             # the remaining conditions require the value to not be None
             return False
+
         elif (prefix := condition.get("prefix")) is not None:
             if isinstance(prefix, dict):
                 if (prefix_equal_ignore_case := prefix.get("equals-ignore-case")) is not None:
@@ -104,7 +112,7 @@ class EventRuleEngine:
 
         elif (suffix := condition.get("suffix")) is not None:
             if isinstance(suffix, dict):
-                if suffix_equal_ignore_case := suffix.get("equals-ignore-case"):
+                if (suffix_equal_ignore_case := suffix.get("equals-ignore-case")) is not None:
                     return self._evaluate_suffix(suffix_equal_ignore_case.lower(), value.lower())
             else:
                 return self._evaluate_suffix(suffix, value)
@@ -126,19 +134,19 @@ class EventRuleEngine:
         return False
 
     @staticmethod
-    def _evaluate_prefix(condition: str | list, value: str) -> bool:
-        return value.startswith(condition)
+    def _evaluate_prefix(condition: str | list, value: t.Any) -> bool:
+        return isinstance(value, str) and value.startswith(condition)
 
     @staticmethod
-    def _evaluate_suffix(condition: str | list, value: str) -> bool:
-        return value.endswith(condition)
+    def _evaluate_suffix(condition: str | list, value: t.Any) -> bool:
+        return isinstance(value, str) and value.endswith(condition)
 
     @staticmethod
-    def _evaluate_equal_ignore_case(condition: str, value: str) -> bool:
-        return condition.lower() == value.lower()
+    def _evaluate_equal_ignore_case(condition: str, value: t.Any) -> bool:
+        return isinstance(value, str) and condition.lower() == value.lower()
 
     @staticmethod
-    def _evaluate_cidr(condition: str, value: str) -> bool:
+    def _evaluate_cidr(condition: str, value: t.Any) -> bool:
         try:
             ip = ipaddress.ip_address(value)
             return ip in ipaddress.ip_network(condition)
@@ -146,8 +154,10 @@ class EventRuleEngine:
             return False
 
     @staticmethod
-    def _evaluate_wildcard(condition: str, value: str) -> bool:
-        return bool(re.match(re.escape(condition).replace("\\*", ".+") + "$", value))
+    def _evaluate_wildcard(condition: str, value: t.Any) -> bool:
+        return isinstance(value, str) and bool(
+            re.match(re.escape(condition).replace("\\*", ".+") + "$", value)
+        )
 
     @staticmethod
     def _evaluate_numeric_condition(conditions: list, value: t.Any) -> bool:
@@ -457,10 +467,18 @@ class EventPatternCompiler:
                     return
 
                 elif operator == "anything-but":
-                    # anything-but can actually contain any kind of simple rule (str, number, and list)
+                    # anything-but can actually contain any kind of simple rule (str, number, and list) except Null
+                    if value is None:
+                        raise InvalidEventPatternException(
+                            f"{self.error_prefix}Value of anything-but must be an array or single string/number value."
+                        )
                     if isinstance(value, list):
                         for v in value:
-                            self._validate_rule(v)
+                            if v is None:
+                                raise InvalidEventPatternException(
+                                    f"{self.error_prefix}Inside anything but list, start|null|boolean is not supported."
+                                )
+                            self._validate_rule(v, from_="anything-but")
 
                         return
 

localstack/services/events/models.py

@@ -4,7 +4,7 @@ from datetime import UTC, datetime
 from enum import Enum
 from typing import Literal, TypeAlias, TypedDict
 
-from localstack.aws.api.core import ServiceException
+from localstack.aws.api import CommonServiceException
 from localstack.aws.api.events import (
     ApiDestinationDescription,
     ApiDestinationHttpMethod,
@@ -66,10 +66,9 @@ from localstack.utils.tagging import TaggingService
 TargetDict = dict[TargetId, Target]
 
 
-class ValidationException(ServiceException):
-    code: str = "ValidationException"
-    sender_fault: bool = True
-    status_code: int = 400
+class ValidationException(CommonServiceException):
+    def __init__(self, message: str):
+        super().__init__("ValidationException", message, 400, True)
 
 
 class InvalidEventPatternException(Exception):

localstack/services/events/target.py

@@ -90,11 +90,20 @@ def get_template_replacements(
     return template_replacements
 
 
-def replace_template_placeholders(
-    template: str, replacements: dict[str, Any], is_json_template: bool
-) -> TransformedEvent:
-    """Replace placeholders defined by <key> in the template with the values from the replacements dict.
-    Can handle single template string or template dict."""
+def replace_template_placeholders(template: str, replacements: dict[str, Any]) -> TransformedEvent:
+    """
+    Replaces placeholders in an EventBridge-style InputTemplate string.
+
+    :param template: The template string containing placeholders like ``<$.foo.bar>``.
+    :type template: str
+    :param replacements: A dictionary providing values to fill in.
+    :type replacements: dict
+    :returns: The transformed string with placeholders replaced by values from ``replacements``.
+    :rtype: str
+    """
+
+    ...
+    is_json_template = template.strip().startswith("{")
 
     def replace_placeholder(match):
         key = match.group(1)
@@ -110,6 +119,8 @@ def replace_template_placeholders(
             if is_json_template:
                 return json.dumps(value)
             return f"[{','.join(value)}]"
+        if isinstance(value, bool):
+            return json.dumps(value)
         if is_nested_in_string(template, match):
             return value
         if is_json_template:
@@ -222,10 +233,7 @@ class TargetSender(ABC):
         predefined_template_replacements = self._get_predefined_template_replacements(event)
         template_replacements.update(predefined_template_replacements)
 
-        is_json_template = input_template.strip().startswith("{")
-        populated_template = replace_template_placeholders(
-            input_template, template_replacements, is_json_template
-        )
+        populated_template = replace_template_placeholders(input_template, template_replacements)
 
         return populated_template
 

localstack/services/iam/provider.py

@@ -20,10 +20,7 @@ from moto.iam.utils import generate_access_key_id_from_account_id
 
 from localstack.aws.api import CommonServiceException, RequestContext, handler
 from localstack.aws.api.iam import (
-    ActionNameListType,
-    ActionNameType,
     AttachedPermissionsBoundary,
-    ContextEntryListType,
     CreateRoleRequest,
     CreateRoleResponse,
     CreateServiceLinkedRoleResponse,
@@ -33,7 +30,6 @@ from localstack.aws.api.iam import (
     DeleteServiceLinkedRoleResponse,
     DeletionTaskIdType,
     DeletionTaskStatusType,
-    EvaluationResult,
     GetServiceLinkedRoleDeletionStatusResponse,
     GetUserResponse,
     IamApi,
@@ -43,16 +39,12 @@ from localstack.aws.api.iam import (
     ListServiceSpecificCredentialsResponse,
     MalformedPolicyDocumentException,
     NoSuchEntityException,
-    PolicyEvaluationDecisionType,
     ResetServiceSpecificCredentialResponse,
-    ResourceHandlingOptionType,
-    ResourceNameListType,
-    ResourceNameType,
     Role,
     ServiceSpecificCredential,
     ServiceSpecificCredentialMetadata,
     SimulatePolicyResponse,
-    SimulationPolicyListType,
+    SimulatePrincipalPolicyRequest,
     User,
     allUsers,
     arnType,
@@ -65,7 +57,6 @@ from localstack.aws.api.iam import (
     maxItemsType,
     pathPrefixType,
     pathType,
-    policyDocumentType,
     roleDescriptionType,
     roleNameType,
     serviceName,
@@ -78,6 +69,10 @@ from localstack.aws.api.iam import (
 from localstack.aws.connect import connect_to
 from localstack.constants import INTERNAL_AWS_SECRET_ACCESS_KEY
 from localstack.services.iam.iam_patches import apply_iam_patches
+from localstack.services.iam.resources.policy_simulator import (
+    BasicIAMPolicySimulator,
+    IAMPolicySimulator,
+)
 from localstack.services.iam.resources.service_linked_roles import SERVICE_LINKED_ROLES
 from localstack.services.moto import call_moto
 from localstack.utils.aws.request_context import extract_access_key_id_from_auth_header
@@ -108,58 +103,12 @@ def get_iam_backend(context: RequestContext) -> IAMBackend:
     return iam_backends[context.account_id][context.partition]
 
 
-def get_policies_from_principal(backend: IAMBackend, principal_arn: str) -> list[dict]:
-    policies = []
-    if ":role" in principal_arn:
-        role_name = principal_arn.split("/")[-1]
-
-        policies.append(backend.get_role(role_name=role_name).assume_role_policy_document)
-
-        policy_names = backend.list_role_policies(role_name=role_name)
-        policies.extend(
-            [
-                backend.get_role_policy(role_name=role_name, policy_name=policy_name)[1]
-                for policy_name in policy_names
-            ]
-        )
-
-        attached_policies, _ = backend.list_attached_role_policies(role_name=role_name)
-        policies.extend([policy.document for policy in attached_policies])
-
-    if ":group" in principal_arn:
-        print(principal_arn)
-        group_name = principal_arn.split("/")[-1]
-        policy_names = backend.list_group_policies(group_name=group_name)
-        policies.extend(
-            [
-                backend.get_group_policy(group_name=group_name, policy_name=policy_name)[1]
-                for policy_name in policy_names
-            ]
-        )
-
-        attached_policies, _ = backend.list_attached_group_policies(group_name=group_name)
-        policies.extend([policy.document for policy in attached_policies])
-
-    if ":user" in principal_arn:
-        print(principal_arn)
-        user_name = principal_arn.split("/")[-1]
-        policy_names = backend.list_user_policies(user_name=user_name)
-        policies.extend(
-            [
-                backend.get_user_policy(user_name=user_name, policy_name=policy_name)[1]
-                for policy_name in policy_names
-            ]
-        )
-
-        attached_policies, _ = backend.list_attached_user_policies(user_name=user_name)
-        policies.extend([policy.document for policy in attached_policies])
-
-    return policies
-
-
 class IamProvider(IamApi):
+    policy_simulator: IAMPolicySimulator
+
     def __init__(self):
         apply_iam_patches()
+        self.policy_simulator = BasicIAMPolicySimulator()
 
     @handler("CreateRole", expand=False)
     def create_role(
@@ -181,68 +130,14 @@ class IamProvider(IamApi):
 
         return result
 
-    @staticmethod
-    def build_evaluation_result(
-        action_name: ActionNameType, resource_name: ResourceNameType, policy_statements: list[dict]
-    ) -> EvaluationResult:
-        eval_res = EvaluationResult()
-        eval_res["EvalActionName"] = action_name
-        eval_res["EvalResourceName"] = resource_name
-        eval_res["EvalDecision"] = PolicyEvaluationDecisionType.explicitDeny
-        for statement in policy_statements:
-            # TODO Implement evaluation logic here
-            if (
-                action_name in statement["Action"]
-                and resource_name in statement["Resource"]
-                and statement["Effect"] == "Allow"
-            ):
-                eval_res["EvalDecision"] = PolicyEvaluationDecisionType.allowed
-                eval_res["MatchedStatements"] = []  # TODO: add support for statement compilation.
-        return eval_res
-
+    @handler("SimulatePrincipalPolicy", expand=False)
     def simulate_principal_policy(
         self,
         context: RequestContext,
-        policy_source_arn: arnType,
-        action_names: ActionNameListType,
-        policy_input_list: SimulationPolicyListType = None,
-        permissions_boundary_policy_input_list: SimulationPolicyListType = None,
-        resource_arns: ResourceNameListType = None,
-        resource_policy: policyDocumentType = None,
-        resource_owner: ResourceNameType = None,
-        caller_arn: ResourceNameType = None,
-        context_entries: ContextEntryListType = None,
-        resource_handling_option: ResourceHandlingOptionType = None,
-        max_items: maxItemsType = None,
-        marker: markerType = None,
+        request: SimulatePrincipalPolicyRequest,
         **kwargs,
     ) -> SimulatePolicyResponse:
-        backend = get_iam_backend(context)
-
-        policies = get_policies_from_principal(backend, policy_source_arn)
-
-        def _get_statements_from_policy_list(policies: list[str]):
-            statements = []
-            for policy_str in policies:
-                policy_dict = json.loads(policy_str)
-                if isinstance(policy_dict["Statement"], list):
-                    statements.extend(policy_dict["Statement"])
-                else:
-                    statements.append(policy_dict["Statement"])
-            return statements
-
-        policy_statements = _get_statements_from_policy_list(policies)
-
-        evaluations = [
-            self.build_evaluation_result(action_name, resource_arn, policy_statements)
-            for action_name in action_names
-            for resource_arn in resource_arns
-        ]
-
-        response = SimulatePolicyResponse()
-        response["IsTruncated"] = False
-        response["EvaluationResults"] = evaluations
-        return response
+        return self.policy_simulator.simulate_principal_policy(context, request)
 
     def delete_policy(self, context: RequestContext, policy_arn: arnType, **kwargs) -> None:
         backend = get_iam_backend(context)